SREG's Privacy Policy URL

Allen Tom atom at yahoo-inc.com
Tue Jun 2 18:14:04 UTC 2009


OK, how about if we define a new Privacy Policy <Service> for RPs to 
include in their XRDS, with a link to their privacy policy?

So the RP would just include the following snippet in its discovery 
document, discoverable under its realm:

<Service>
  <Type>http://specs.openid.net/path/to/privacy/policy</Type>
  <URI>http://www.relyingparty.com/path/to/privacy/policy.html</URI>
</Service>

I'm not sure where we can formally document this. I guess we can put it 
in the UI spec?

Allen



George Fletcher wrote:
> I think for a short-term solution we'd need to define service "types" 
> for the privacy policy and TOS for XRDS.
>
> For the long-term, the same could potentially be used as "rel" values 
> in the XRD markup. The XRD spec is solidifying but is not 100% stable.
>
> I think we should have a discovery option regardless of whether we 
> update UX or AX. So I'd like to see a proposal for XRDS and then when 
> XRD is available, supporting that.
>
> Thanks,
> George
>
> Allen Tom wrote:
>> Hi Luke,
>>
>> Yes, this is what we're looking for. Currently, in OpenID, the only 
>> way for the RP to link to its privacy policy (which is sort of like 
>> linking to its ToS) is by passing it in the openid.sreg.policy_url 
>> parameter using SREG.
>>
>> Since we're trying to deprecate SREG, we can try to move this 
>> parameter to either the UI or AX Extension, or move it into Discovery.
>>
>> Is there an actual Discovery spec?
>>
>> Allen
>>
>>
>> Luke Shepard wrote:
>>> FWIW, Facebook Connect allows relying parties to define a “terms of 
>>> service” url. We then show that link to users when they click on it. 
>>> With OpenID, the equivalent URL would be set using relying party 
>>> discovery. Is this more or less what you’re looking for?
>>>
>>> Screenshot:
>>>
>>> On 6/2/09 10:21 AM, "Allen Tom" <atom at yahoo-inc.com> wrote:
>>>
>>>
>>>     Alternatively, the RP could publish its privacy policy in its
>>>     discovery
>>>     document, which does make a lot of sense, but I understand that
>>>     there's
>>>     a lot of work going on to define the next generation of
>>>     discovery, and
>>>     I'm not quite sure what the timeframe is for that.
>>>
>>
>



